Protect yourself from phishing scams
What are phishing scams?
Phishing scams can come in different forms but all have the same aim – to trick you into giving away sensitive information such as passwords, banking details or verification codes.
Learn about the common phishing scams and how you can spot them.
Email phishing scams
Email phishing is the most common type of phishing scam.
It happens when you receive an email that appears to come from a trusted organisation. The email usually asks you to click a link or download an attachment to verify information or complete a transaction.
Example scam
You receive an email that looks like it's from your bank, saying your Internet Banking has been locked. It asks you to click a link to reset your password. The link takes you to a fake website designed to steal your login details.
Tips on email phishing scams
Sense of urgency
Scam emails often create panic to pressure you into acting quickly without thinking.
Suspicious links
Do not click on unfamiliar links.
Suspicious sender address
Scam emails may come from addresses with spelling errors or unusual domains (e.g. @myg0v.au).
Spelling and grammatical errors
If you find any spelling mistakes or grammatical errors in an email, it is likely a scam. Carefully read through any incoming emails to spot any inconsistencies.
Unexpected attachments
Some phishing emails have attachments instead of links. Always be careful if you receive an email with an attachment you were not expecting as they may contain malware.
Smishing or SMS phishing scams
SMS phishing, also known as smishing, has increased significantly in recent years.
These scams often involve fake delivery notifications, urgent bank alerts, or messages claiming to be from government agencies. They usually contain a link designed to steal your personal information.
Example scam
You receive a text message that appears to be from a postal service stating your delivery has been delayed. The text provides a link for you to resolve the issue by paying a fee and rebooking delivery. However, the link leads to a phishing site and there was no real delivery.
Tips on smishing scams
Unexpected SMS
Be cautious of any SMS you receive, especially if you were not expecting it. Verify the SMS by contacting the sender organisation via the details listed on their website.
Sense of urgency
Scammers will pressure you into acting quickly so you don't question the message.
Request for personal information
Most companies will never ask for any personal information via an SMS.
Fake or spoofed numbers
SMS scams can sometimes come from fake numbers; however, do not rely on this. Scammers can disguise their number to appear legitimate, and their messages can even appear within an existing message thread from a reputable company.
Spelling and grammatical errors
If you find any spelling mistakes or grammatical errors in an SMS, it is likely a scam.
Vishing or voice phishing scams
Vishing usually involves scammers calling you and pretending to be from a trusted organisation such as a bank, government agency or even tech support.
These scams are becoming more sophisticated as scammers can even use AI voice cloning to imitate voices of real staff members.
Example scam
You receive a call that claims to be from your bank, saying that your account has been compromised and that you need to provide your details to regain access. In reality, the call was from a scammer trying to gain access to your personal information.
Tips on vishing scams
Unsolicited phone calls
If a phone call you receive out of the blue doesn't sound right, hang up and contact the company using its official number.
Sense of urgency
Vishing scams create a sense of urgency to make you act quickly. Do not feel pressured to make a decision over a phone call.
Request for personal information
Scammers will demand that you provide your personal information, PINs, or SMS passwords over the phone.
Inconsistencies
Ask probing questions and listen for anything that doesn't add up such as vague answers or overly scripted responses.
Impersonating a trusted organisation
Vishing scams usually involve scammers impersonating staff from trusted organisations such as your bank or even government agencies.
Vocal inconsistencies (AI voice cloning)
Listen for subtle signs that suggest the person on the other end is not real:
Monotone voice
Lack of human sounds (e.g. clearing throat)
Unusual pacing and pauses in sentences
AI phishing scams
With AI, scammers can now create perfectly written, highly personalised messages that look just like they came from your bank or other trusted companies.
Example scam
You receive an email from your 'bank' informing you of suspicious activity and asking you to click a link to secure your account. The link leads to a fake login page designed to steal your details.
Tips on AI phishing scams
Suspicious links
Be wary of clicking any unfamiliar links in emails or SMS. Even if the email seems legitimate, always keep an eye out for any inconsistencies or errors before clicking on a URL.
Fake domains
Scam email addresses don't always look legitimate. If you do not recognise the email address, do not act on the email before verifying it by calling the sender.
Request for more information
Phishing scams always request some form of information from you. Do not input any information through links in emails or SMS. Call the sender of the email to verify any requests.
Multi-factor authentication (MFA)
Adding another form of authentication to your email accounts and Internet Banking makes it harder for a scammer to gain access.
Other phishing scams
Phishing scams can come in many forms. The most common are email, SMS and phone; however, scammers will use any channel they can in order to scam you.
Example scam
Here are some other phishing scams to keep an eye out for:
Quishing (QR code phishing)
Scammers can embed malicious QR codes into emails and flyers which can take you to fake websites. Do not scan QR codes without verifying the source.
Clone phishing
Scammers clone legitimate emails but replace the real links in the email with their own phishing links. Clone phishing is a type of email phishing scam.
Angler phishing
Scammers impersonate customer service representatives and reach out to customers of a company on social media in order to steal their information.
Evil twin phishing
Scammers create unsecured free Wi-Fi networks that steal the data of any users who connect to them.
Search engine phishing
Scammers create fake websites and use tools to have these fake websites rank high in search engine results.
Phishing scams are here to stay
Phishing scams are becoming increasingly sophisticated.
But who knows how to spot a phishing scam? You do. That's who.
Always take a moment to stop and verify before you click on any unfamiliar links to share sensitive details. If something doesn't feel right, contact the organisation directly even if it takes extra time to verify the request.
Report a scam or fraud
If you think you've been the victim of fraud or a scam and are worried about your account security, we can help.
The information in this communication is general in nature and is intended to raise awareness about common scam tactics and preventative measures. While the information may assist you in mitigating your risk and exposure to scams and fraud, this is not guaranteed in any way. Examples are illustrative only and are subject to the assumptions and qualifications disclosed. Whilst care has been taken in preparing the content, no liability is accepted for any errors or omissions in this communication, and/or losses or liabilities arising from any reliance on this communication.